Security Vulnerabilities - CVEs Published In March 2024
A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-03-28
A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of the argument CRLId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258429 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-03-28
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
CVSS Score
6.1
EPSS Score
0.002
Published
2024-03-28
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
CVSS Score
7.4
EPSS Score
0.0
Published
2024-03-28
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
CVSS Score
6.8
EPSS Score
0.001
Published
2024-03-28
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
CVSS Score
4.6
EPSS Score
0.878
Published
2024-03-28
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-03-28
Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-03-28
Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-03-28
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-03-28